Security Server Ubuntu 20.04 to 22.04 In-place Upgrade.

This document describes the steps required for upgrading a stand-alone Security Server host from Ubuntu 20.04 LTS host to Ubuntu 22.04 LTS. Please read carefully through the whole document before starting the upgrade process. It is assumed that the reader is familiar with the Ubuntu Linux distribution and has experience of Ubuntu release upgrades.

If the Security Server host to be updated has older Ubuntu version than Ubuntu 20.04, the update to 20.04 version should be done first for example Security Server Ubuntu 18.04 to 20.04 In-place Upgrade.

With the upgrade to Ubuntu 22.04 LTS, PostgreSQL is updated from version 12 to 14.

Alternative method: Upgrading Security Server to Ubuntu 22.04 Using a Configuration Backup

Preparations

If upgrading a system that uses a hardware security module: Please verify that the HSM is compatible with Ubuntu 22.04 and check the HSM module documentation for upgrade instructions.

Upgrading Ubuntu 20.04 to 22.04

  • Install update-manager-core if it is not already installed.

  • Make sure the Prompt line in /etc/update-manager/release-upgrades is set to 'lts'

  • Launch the upgrade tool with the command sudo do-release-upgrade

  • Follow the on-screen instructions.

  • When the upgrade is finished, reboot when prompted.

Upgrading the X-Road software

Upgrade the database

  • The Ubuntu upgrade process by default creates an empty database instance that should be removed before the old database is upgraded to version 14.

  • List the database instances with pg_lsclusters, and drop the extra ones
    Do not remove the version 12 (main) running on port 5432

    $ sudo pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 12 main 5432 online postgres /var/lib/postgresql/12/main /var/log/postgresql/postgresql-12-main.log 14 main 5433 online postgres /var/lib/postgresql/14/main /var/log/postgresql/postgresql-14-main.log $ sudo pg_dropcluster --stop 14 main
  • Upgrade the old database to version 14.

    Ubuntu's pg_upgradecluster helper script by default dumps the old database, which can require a lot of time and free disk space if the database is large. The --method=upgrade uses pg_upgrade instead and the --link option avoids copying the data files.
    Using --link requires that the new and old database are in the same filesystem. See https://www.postgresql.org/docs/14/pgupgrade.html for details and recovery instructions.

Update the X-Road package repository to point to the Ubuntu 22.04 packages

Update the apt repository:

sudo apt-add-repository -r "deb https://artifactory.niis.org/xroad-release-deb focal-current main"
sudo apt-add-repository "deb https://artifactory.niis.org/xroad-release-deb jammy-current main"
(alternatively, edit /etc/apt/sources.list directly)

Upgrade the packages

sudo apt update && sudo apt full-upgrade

Then enable and start xroad services again. Although enable does not work with wildcards, so the services being enabled need to be listed all manually:

Services can be started with:

sudo systemctl start "xroad-*" --all

Verify that the security server services are running and the system is responding

* if the monitoring addon(s) are installed

Drop old database and obsolete packages

After verifying that the database upgrade was successful, drop the old database and remove obsolete PostgreSQL packages.

sudo pg_dropcluster 12 main
sudo apt purge postgresql-12
sudo apt autoremove

Troubleshooting

  • If recovery from a upgrade failure is not possible and there is a backup/snapshot available, one can restore it and start over.

  • If all else fails, do a clean Ubuntu 22.04 installation and restore the security server configuration from the backup.